Deabute

© Paul Beaudet 2021

Time Intent: Privacy Policy

Privacy Policy

This isn't an official legal privacy policy but the short of it is as follows.

TL;DR: We are only interested in data we absolutely need to handle. The plan is to be a subscription service not a data mining operation.

Terms used

  • We / our: Deabute and its associates
  • You / your: The user of https://plan.deabute.com
  • Two People: Probably Bob and Alice the proverbial talking partners

Subscription Services

  • We will handle data associated with your payment information like name, email, and user identifier
    • The purpose is to authorize your use of our paid service.
    • Actual payment information will be only sent to our payment processor (Stripe).
    • We do our best to not identify authorization tokens with your personally encrypted data.
    • A client can uniquely computationally prove its association with its user identifier

Online/offline Multi-Device (Cloud-sync)

  • We make a best effort but do not guarantee meta-data privacy and end-to-end encryption.
  • Keep in mind there is always data about data; time of writing is an inherent identifier in our database.
  • Likewise, keep in mind that if you hid a secret message in the woods and only two people ever walked in and out of the woods, it would be easy to assume who was exchanging the messages.
  • User identifiers are shared between personally peer-connected clients.
  • Encryption keys are pre-shared peer to peer. Without the keys, the data is, practically speaking, not useful.
  • Encrypted data without keys is more effectively deleted than traditionally deleted data; as such, we consider these concepts the same with regard to removal requests.

Realtime Multi-Device (Peer to Peer Sync)

  • When clients are connected we store a client identifier and peer-to-peer routing information for your clients so those clients can connect with each other.
    • A client can uniquely computationally prove its association with its client identifier.
    • User identifiers and client identifiers are two separate things.
  • When the client is connected its client id is stored for the duration of that connection along with the time of connection.
    • This event is timestamped because of the inherent way our database creates identifiers.

Backup (Full workspace restore)

  • A Service Password, Service ID, Key Password and Key File Id are set up for cold start service restoration and version control.
    • These credentials accomplish the following
      • The service password and service id confirm access to your subscription
      • This is auto-generated and stored in client for other services
      • The Key File Id and key password retrieve and unlock the file that has the credentials to "unfold" your workspace's history.
    • Separating credentials helps remove your personal data from identifying payment information.

With whom or when do we share this data

  • Any Data: By legally verifiable legitimate legal request in the USA.
  • Data covered in P2P: Requesting clients (Id and peer to peer routing).
  • Data covered in Cloud-Sync: Used Interservice.

Service Providers

  • Hosting: Mongo Atlas, AWS (Amazon).
  • Payments: Stripe
  • Temp STUN servers: Google, stunprotocol.org.

Who do you share meta-data with outside our control

  • Your ISP.
  • Your DNS provider.
  • Your VPN, TOR, and Ad Blocking provider (If any are applicable).
  • More than likely your government and/or somebody else's.
  • Internet backbone routers.
  • Unauthorized remote actors: In your computer, or any of the above computer systems in this list or service providers.

Quantum Tin Hats

  • The ability to reverse encryption is theoretical; though currently infeasible, it might be inevitable.
    • All data you ever put in a computer system might be put in the free and clear.

Right to deletion

  • Stop using the service; we don't want the liability of storing your identifying data.
    • Your stagnant data has a time to live; it's systematically removed after some time.
    • Keep in mind we care more about the data of our active users and have to pay to store and handle it.
  • Should we make it easy for you to ask for removal?
    • Sounds like a great idea.
    • Do you want some rando to remove your access to the service? Probably not.
    • We will require proof of identity in jurisdictions where this is legally required.
  • Deletion is inconceivable
    • We don't think that word means what you think it means.
    • Seriously, look up how computers "delete" things.

You don't like this policy

  • We don't like it either; we'd rather be holding hands around the fire singing camp songs.
  • Really, please stop using services that you think are mishandling your private data; nobody is forcing you.
  • Keep in mind other privacy policies might be written more politely, but are more than likely establishing broad rights to do whatever they need or want to do with your data.
  • This abridged policy is intended to be a brutally honest assessment of how we handle and retain user data.